Over the last decade, malicious software has become a pervasive problem for Internet users as many networked resources include vulnerabilities that are subject to attack. For instance, over the past few years, an increasing number of vulnerabilities are being discovered in software that is loaded onto network devices, such as vulnerabilities within operating systems, for example. While some vulnerabilities continue to be addressed through software patches, prior to the release of such software patches, network devices will continue to be targeted for attack by malware, namely information such as computer code that attempts during execution to take advantage of a vulnerability in computer software by acquiring sensitive information or adversely influencing or attacking normal operations of the network device or the entire enterprise network.
Conventionally, malware is configured to activate when it is processed in a generic software environment. However, certain malware may be configured so that malicious behavior is only exhibited when the malware is exposed to a particular software environment. The specific software profiles (e.g., application version, operating system/version, etc.) in which malware is activated—and its behaviors observed during processing—may be referred to as a susceptible software environment.
Unfortunately, conventional malware analysis systems may erroneously output a “false negative” result if the client device, for example, is not operating in the particular software environment(s) that are the target of the malware.
Accordingly, a need exists for an improved malware detection system, apparatus and method that is configured to detect malicious objects by analyzing various “views” with respect to the malicious objects, so as to configure software profiles for use in determining one or more susceptible software environments.